2 * Copyright (c) 1993 The Regents of the University of California.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the University nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 #include <machine/asmacros.h>
33 #include <machine/cputypes.h>
34 #include <machine/pmap.h>
35 #include <machine/specialreg.h>
45 * void bzero(void *buf, u_int len)
71 * The loop takes 14 bytes. Ensure that it doesn't cross a 16-byte
136 /* fillw(pat, base, cnt) */
156 cmpl %ecx,%eax /* overlapping && src < dst? */
166 addl %ecx,%edi /* copy backwards. */
180 * bcopy(src, dst, cnt)
181 * ws@tools.de (Wolfgang Solfrank, TooLs GmbH) +49-228-985800
194 cmpl %ecx,%eax /* overlapping && src < dst? */
197 shrl $2,%ecx /* copy by 32-bit words */
201 andl $3,%ecx /* any bytes left? */
211 addl %ecx,%edi /* copy backwards */
215 andl $3,%ecx /* any fractional bytes? */
219 movl 16(%ebp),%ecx /* copy remainder by 32-bit words */
233 * Note: memcpy does not support overlapping copies
242 shrl $2,%ecx /* copy by 32-bit words */
246 andl $3,%ecx /* any bytes left? */
254 /*****************************************************************************/
255 /* copyout and fubyte family */
256 /*****************************************************************************/
258 * Access user memory from inside the kernel. These routines and possibly
259 * the math- and DOS emulators should be the only places that do this.
261 * We have to access the memory with user's permissions, so use a segment
262 * selector with RPL 3. For writes to user space we have to additionally
263 * check the PTE for write permission, because the 386 does not check
264 * write permissions when we are executing with EPL 0. The 486 does check
265 * this if the WP bit is set in CR0, so we can use a simpler version here.
267 * These routines set curpcb->pcb_onfault for the time they execute. When a
268 * protection violation occurs inside the functions, the trap handler
269 * returns to *curpcb->pcb_onfault instead of the function.
273 * copyout(from_kernel, to_user, len) - MP SAFE
276 movl PCPU(CURPCB),%eax
277 movl $copyout_fault,PCB_ONFAULT(%eax)
284 testl %ebx,%ebx /* anything to do? */
288 * Check explicitly for non-user addresses. This check is essential
289 * because it prevents usermode from writing into the kernel. We do
290 * not verify anywhere else that the user did not specify a rogue
294 * First, prevent address wrapping.
300 * XXX STOP USING VM_MAXUSER_ADDRESS.
301 * It is an end address, not a max, so every time it is used correctly it
302 * looks like there is an off by one error, and of course it caused an off
303 * by one error in several places.
305 cmpl $VM_MAXUSER_ADDRESS,%eax
308 /* bcopy(%esi, %edi, %ebx) */
324 movl PCPU(CURPCB),%edx
325 movl %eax,PCB_ONFAULT(%edx)
334 movl PCPU(CURPCB),%edx
335 movl $0,PCB_ONFAULT(%edx)
340 * copyin(from_user, to_kernel, len) - MP SAFE
343 movl PCPU(CURPCB),%eax
344 movl $copyin_fault,PCB_ONFAULT(%eax)
347 movl 12(%esp),%esi /* caddr_t from */
348 movl 16(%esp),%edi /* caddr_t to */
349 movl 20(%esp),%ecx /* size_t len */
352 * make sure address is valid
357 cmpl $VM_MAXUSER_ADDRESS,%edx
361 shrl $2,%ecx /* copy longword-wise */
365 andb $3,%cl /* copy remaining bytes */
372 movl PCPU(CURPCB),%edx
373 movl %eax,PCB_ONFAULT(%edx)
381 movl PCPU(CURPCB),%edx
382 movl $0,PCB_ONFAULT(%edx)
387 * casueword. Compare and set user word. Returns -1 on fault,
388 * 0 on non-faulting access. The current value is in *oldp.
390 ALTENTRY(casueword32)
392 movl PCPU(CURPCB),%ecx
393 movl $fusufault,PCB_ONFAULT(%ecx)
394 movl 4(%esp),%edx /* dst */
395 movl 8(%esp),%eax /* old */
396 movl 16(%esp),%ecx /* new */
398 cmpl $VM_MAXUSER_ADDRESS-4,%edx /* verify address is valid */
404 cmpxchgl %ecx,(%edx) /* Compare and set. */
407 * The old value is in %eax. If the store succeeded it will be the
408 * value we expected (old) from before the store, otherwise it will
409 * be the current value.
412 movl PCPU(CURPCB),%ecx
413 movl $0,PCB_ONFAULT(%ecx)
414 movl 12(%esp),%edx /* oldp */
422 * Fetch (load) a 32-bit word, a 16-bit word, or an 8-bit byte from user
428 movl PCPU(CURPCB),%ecx
429 movl $fusufault,PCB_ONFAULT(%ecx)
430 movl 4(%esp),%edx /* from */
432 cmpl $VM_MAXUSER_ADDRESS-4,%edx /* verify address is valid */
436 movl $0,PCB_ONFAULT(%ecx)
445 * fuswintr() and suswintr() are specialized variants of fuword16() and
446 * suword16(), respectively. They are called from the profiling code,
447 * potentially at interrupt time. If they fail, that's okay; good things
448 * will happen later. They always fail for now, until the trap code is
449 * able to deal with this.
459 movl PCPU(CURPCB),%ecx
460 movl $fusufault,PCB_ONFAULT(%ecx)
463 cmpl $VM_MAXUSER_ADDRESS-2,%edx
467 movl $0,PCB_ONFAULT(%ecx)
472 movl PCPU(CURPCB),%ecx
473 movl $fusufault,PCB_ONFAULT(%ecx)
476 cmpl $VM_MAXUSER_ADDRESS-1,%edx
480 movl $0,PCB_ONFAULT(%ecx)
486 movl PCPU(CURPCB),%ecx
488 movl %eax,PCB_ONFAULT(%ecx)
493 * Store a 32-bit word, a 16-bit word, or an 8-bit byte to user memory.
494 * All these functions are MPSAFE.
499 movl PCPU(CURPCB),%ecx
500 movl $fusufault,PCB_ONFAULT(%ecx)
503 cmpl $VM_MAXUSER_ADDRESS-4,%edx /* verify address validity */
509 movl PCPU(CURPCB),%ecx
510 movl %eax,PCB_ONFAULT(%ecx)
516 movl PCPU(CURPCB),%ecx
517 movl $fusufault,PCB_ONFAULT(%ecx)
520 cmpl $VM_MAXUSER_ADDRESS-2,%edx /* verify address validity */
526 movl PCPU(CURPCB),%ecx /* restore trashed register */
527 movl %eax,PCB_ONFAULT(%ecx)
532 movl PCPU(CURPCB),%ecx
533 movl $fusufault,PCB_ONFAULT(%ecx)
536 cmpl $VM_MAXUSER_ADDRESS-1,%edx /* verify address validity */
542 movl PCPU(CURPCB),%ecx /* restore trashed register */
543 movl %eax,PCB_ONFAULT(%ecx)
548 * copyinstr(from, to, maxlen, int *lencopied) - MP SAFE
550 * copy a string from 'from' to 'to', stop when a 0 character is reached.
551 * return ENAMETOOLONG if string is longer than maxlen, and
552 * EFAULT on protection violations. If lencopied is non-zero,
553 * return the actual length in *lencopied.
558 movl PCPU(CURPCB),%ecx
559 movl $cpystrflt,PCB_ONFAULT(%ecx)
561 movl 12(%esp),%esi /* %esi = from */
562 movl 16(%esp),%edi /* %edi = to */
563 movl 20(%esp),%edx /* %edx = maxlen */
565 movl $VM_MAXUSER_ADDRESS,%eax
567 /* make sure 'from' is within bounds */
571 /* restrict maxlen to <= VM_MAXUSER_ADDRESS-from */
588 /* Success -- 0 byte reached */
593 /* edx is zero - return ENAMETOOLONG or EFAULT */
594 cmpl $VM_MAXUSER_ADDRESS,%esi
597 movl $ENAMETOOLONG,%eax
604 /* set *lencopied and return %eax */
605 movl PCPU(CURPCB),%ecx
606 movl $0,PCB_ONFAULT(%ecx)
620 * copystr(from, to, maxlen, int *lencopied) - MP SAFE
626 movl 12(%esp),%esi /* %esi = from */
627 movl 16(%esp),%edi /* %edi = to */
628 movl 20(%esp),%edx /* %edx = maxlen */
638 /* Success -- 0 byte reached */
643 /* edx is zero -- return ENAMETOOLONG */
644 movl $ENAMETOOLONG,%eax
647 /* set *lencopied and return %eax */
686 * Handling of special 386 registers and descriptor tables etc
688 /* void lgdt(struct region_descriptor *rdp); */
690 /* reload the descriptor table */
694 /* flush the prefetch q */
698 /* reload "stale" selectors */
707 /* reload code selector by turning return into intersegmental return */
715 /* ssdtosd(*ssdp,*sdp) */
737 /* void reset_dbregs() */
740 movl %eax,%dr7 /* disable all breakpoints first */
749 /*****************************************************************************/
750 /* setjump, longjump */
751 /*****************************************************************************/
755 movl %ebx,(%eax) /* save ebx */
756 movl %esp,4(%eax) /* save esp */
757 movl %ebp,8(%eax) /* save ebp */
758 movl %esi,12(%eax) /* save esi */
759 movl %edi,16(%eax) /* save edi */
760 movl (%esp),%edx /* get rta */
761 movl %edx,20(%eax) /* save eip */
762 xorl %eax,%eax /* return(0); */
768 movl (%eax),%ebx /* restore ebx */
769 movl 4(%eax),%esp /* restore esp */
770 movl 8(%eax),%ebp /* restore ebp */
771 movl 12(%eax),%esi /* restore esi */
772 movl 16(%eax),%edi /* restore edi */
773 movl 20(%eax),%edx /* get rta */
774 movl %edx,(%esp) /* put in return frame */
775 xorl %eax,%eax /* return(1); */
781 * Support for reading MSRs in the safe manner. (Instead of panic on #gp,
785 /* int rdmsr_safe(u_int msr, uint64_t *data) */
786 movl PCPU(CURPCB),%ecx
787 movl $msr_onfault,PCB_ONFAULT(%ecx)
796 movl PCPU(CURPCB),%ecx
797 movl %eax,PCB_ONFAULT(%ecx)
802 * Support for writing MSRs in the safe manner. (Instead of panic on #gp,
806 /* int wrmsr_safe(u_int msr, uint64_t data) */
807 movl PCPU(CURPCB),%ecx
808 movl $msr_onfault,PCB_ONFAULT(%ecx)
816 movl PCPU(CURPCB),%ecx
817 movl %eax,PCB_ONFAULT(%ecx)
822 * MSR operations fault handler
826 movl PCPU(CURPCB),%ecx
827 movl $0,PCB_ONFAULT(%ecx)
831 ENTRY(handle_ibrs_entry)
833 END(handle_ibrs_entry)
835 ENTRY(handle_ibrs_exit)
837 END(handle_ibrs_exit)